15th Annual Information & IT Security Summit

PrintBrochureLinkedIn
15th Annual Information & IT Security Summit

Documentation for this event is available. Enter your access code.

About

IT security issues continue to cost businesses time, money and information. Time and again we see media reports of organisations leaving information on unencrypted USB drives, having little or no Identity and Access Management protocols, or losing payment card data to hackers.

This intensive one day event is designed specifically to combat the ever increasing number and complexity of IT risks and threats. We will discuss critical elements such as:

Mobile Security | Threat Detection and Forensics | PCI-DSS Compliance | Security Outsourcing  | Database Security

Make the investment into keeping yourself up to date with the latest security threats – not to mention the networking opportunities with some of New Zealand’s top IT Security minds!

With a format that packs in all the need-to-know issues into one day, this is one IT security event not to be missed!

Agenda

Day 1

8.30

Registration & Coffee

9.00

Opening remarks from the Chair

Tony Krzyzewski, Director, KAON TECHNOLOGIES

9.05

Data at Risk

Enterprise data is growing and managing that data growth has resulted in the implementation of an increasing number of databases and centralisation of most critical company information in large data warehouses. Thus, it is now possible for a single breach of data security to become a catastrophic event. In this session we will investigate control strategies to help mitigate the risk of an adverse data disclosure such as:
• Management of privileged users
• Effective logging
• Database QA and Change Management processes

Eric Svetcov, Director, SV TECHNOLOGIES

9.50

CASE STUDY: The Warehouse’s Journey to PCI Compliance

Attaining PCI compliance is a difficult task; yet it’s important to never lose sight of the fact that compliance is only a starting point – it should never be the end goal. This session will describe the Warehouse’s road to PCI compliance and challenges along the way.

Richard A’court, Infrastructure Architect, THE WAREHOUSE

10.40

Morning tea

11.00

Mobile Phone Insecurity

There are 3.3 billion cell phone users in the world, yet mobile phone users generally do not consider that their phone may put them at risk and happily use them without considering the many inherent vulnerabilities.
• The range of mobile phone vulnerabilities, from interception, loss or theft, tracking, bugging, targeted data acquisition, and threats from the Internet
• How these vulnerabilities can be exploited
• How users may improve the safety of their mobile phone use

Dr Hank Wolfe, Associate Professor, UNIVERSITY OF OTAGO

11.45

Security Among the Clouds

Cloud computing is rapidly moving from hype to a must-have service model. The benefits are certainly real, but a business must ensure that the cloud environment is secure enough for its essential data. Cloud computing has matured to the point that it can be a secure, viable and highly effective approach. But without careful planning and consideration, the gains can be overshadowed by the risk exposure.
• The realities and risks of the cloud
• How cloud service providers mitigate risk
• The right data and applications for the cloud
• Assessing your risks, and the cloud provider’s capabilities

Philip Whitmore, Director - Assurance, PRICEWATERHOUSECOOPERS

12.30

Lunch

1.15

Outsourcing Information Security - The Oxymoron that Defined an Industry?

Outsourcing information security has become a popular option for many businesses. Outsourcing is often seen as a more cost effective way of delivering security, but, it is not without security implications. This presentation examines some common methods of outsourcing information security, some common pitfalls and how these might be addressed.

Simon Burson, Manager, DELOITTE

2.00

DEMONSTRATION: Client-Side Security: Where to From Here?

So it’s 2010, and you’re thinking “Im secure now!” right? You have your firewall, AV, security policy, PCI, ISO, and you’re armed to the teeth with security technology and staff. I’m sorry, but the game has changed, and you are still insecure, and will likely get hacked in 2010. This presentation will take an in-depth look at client-side vulnerabilities and how they have become the focus of hackers across the globe. This session will demonstrate just how easy it is to compromise your desktop computer, while you simply browse a website. To make matters worse, it’s not even that hard.

Scott Bell, Security Consultant, SECURITY-ASSESSMENT.COM

2.45

CASE STUDY: Computer Security Meets Digital and Network Forensics: New Ideas in Forensically Sound Adaptive Security

This session describes techniques which demonstrate how IT security and network forensics can work together. In particular, it addresses computer security and forensic analysis from a real-time perspective such that security events can be monitored in a live network while sound forensic data collection, storage and processing can be carried out in parallel.
• Interworking of network forensics with security architectures
• Real-time forensically sound adaptive security
• Monitoring, intrusion detection/prevention and reactive firewall architecture
• Real-time analysis of log files and incident response

Ray Hunt, Associate Professor, UNIVERSITY OF CANTERBURY; & Malcolm Shore, Head of Security

3.30

Afternoon tea

3.45

CASE STUDY: Managing Social Networking Insecurities

Socials Networks: love them or hate them, you cannot ignore them. Their exponential growth over the last few years has changed the landscape of personal information sharing and data privacy. This session will show some of the Social Networking security issues that you need to be concerned about, and policies and practices you can put in place to tackle them.

Paul Blowers, Enterprise Security Architect, NZ POLICE
Andy Prow, Managing Director, AURA SOFTWARE SECURITY LTD

4.30

DEMONSTRATION: Web Application Insecurities and You

This session will include a live demonstration of how web application vulnerabilities are discovered and exploited by attackers. New and old exploitation techniques of common security flaws will be demonstrated which will show that even seemingly ‘minor’ issues, can have far greater consequences when used in conjunction with other issues. Throughout the demonstration, we will also highlight and discuss various recommendations and solutions to improve the security of web applications during all phases of application development.

Brett Moore, Managing Director, INSOMNIA SECURITY

5.15

Summary Remarks from the Chair and Close of Conference followed by Networking Drinks

Sponsors

Find out more about sponsorship opportunities for this event:

Please select a point of contact